Fear The Infected IoT Devices

I’m a huge fan of pretty much any zombie movie or TV show, like The Walking Dead. One of the things that makes zombie shows so scary and disturbing is how the zombie infection can turn family and friends into unstoppable monsters out to destroy you.

Interestingly, as someone who has been covering the rise of the Internet of Things, I’m starting to see some pretty clear similarities between IoT and the zombie apocalypse. Just look at technology news today and you’ll see a literal “horde” of stories about how easy it is to take over IoT and smart home devices, how hackers can use them to spy on your home, infect your network, and even impact your safety.

One of the biggest stories of recent weeks was the DDoS attack on major DNS provider Dyn. Powered by the Mirai botnet, which leverages unsecured IoT devices to get much of its strength, this DDoS attack disrupted many major sites on the Internet for a short time.

Luckily, Dyn was able to stop the attack pretty quickly but not before the dangerous power of unsecured IoT devices was shown. And much like how herds of walkers (ie. Zombies) in The Walking Dead can overwhelm secure enclaves, the Internet now finds itself increasingly at the mercy of infected Zombie IoT devices.

Predictably, this has led to a lot of discussion on how this IoT issue can be remedied. Many have talked about government regulation, or the use of a lab to certify secure IoT devices. And there is a rush of security vendors working to bring IoT firewalls and other devices to homes and businesses.

These are interesting ideas, and they all have their pluses and minuses. But we the consumer can make moves that can start to improve things as well.

First, many of these IoT devices are lacking even basic security measures. Most that have been used in botnets were susceptible because users had never changed the default usernames and passwords. Devices should force users to make a change right away.

And it isn’t just the consumer’s fault. These IoT device vendors are basically enabling these devices with full computer capabilities, for devices that have very basic and limited use cases. If vendors locked down devices so they could only do the things they are supposed to do, that would also help security a great deal.

In zombie shows, you can always tell the characters who are going to get bitten and be turned into ravening monsters. They aren’t realistic about the threat, they don’t follow basic precautions, and they take stupid and unnecessary risks.

If IoT device makers can take a few steps to stop basically doing the technology equivalent of wandering through a dark, zombie infested house alone, we could immediately improve IoT security a great deal. Sure, it wouldn’t fix everything and many of the other rules and security tools would still be necessary.

But as any survivor of a zombie apocalypse will tell you, the first step to survival is being smarter about the dangers that are out there.